From 04858ddd222bbf7156f33f99cfb293a9b1e15ec8 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Wed, 2 Jun 2021 14:21:30 +0200
Subject: nametransform: check name validity on encryption

xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
---
 internal/fusefrontend/root_node.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'internal/fusefrontend/root_node.go')
diff --git a/internal/fusefrontend/root_node.go b/internal/fusefrontend/root_node.go
index e998e9d..a830cc4 100644
--- a/internal/fusefrontend/root_node.go
+++ b/internal/fusefrontend/root_node.go
@@ -311,10 +311,13 @@ func (rn *RootNode) decryptXattrValue(cData []byte) (data []byte, err error) {
 }

 // encryptXattrName transforms "user.foo" to "user.gocryptfs.a5sAd4XAa47f5as6dAf"
-func (rn *RootNode) encryptXattrName(attr string) (cAttr string) {
+func (rn *RootNode) encryptXattrName(attr string) (string, error) {
 // xattr names are encrypted like file names, but with a fixed IV.
- cAttr = xattrStorePrefix + rn.nameTransform.EncryptName(attr, xattrNameIV)
- return cAttr
+ cAttr, err := rn.nameTransform.EncryptName(attr, xattrNameIV)
+ if err != nil {
+ return "", err
+ }
+ return xattrStorePrefix + cAttr, nil
 }

 func (rn *RootNode) decryptXattrName(cAttr string) (attr string, err error) {
-- cgit v1.2.3
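Review bot: The doc comment above `encryptXattrName` still describes only the successful transform, although the new `(string, error)` signature can now reject a name. I would add a second comment line such as `// It returns an error and an empty name if attr is not a valid name (e.g. it contains "/").` so the contract is readable without opening `EncryptName`. The validity rules live in `EncryptName`, which is not shown here, so the "/" example rests on the commit message alone. The error is passed through unchanged, and since this page is limited to root_node.go it cannot be confirmed that every caller checks it and maps it to an errno. A caller that ignored it would carry on with an empty name.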